Report Issue

Jenkins

Upgrading Jenkins

Regular Jenkins maintenance is necessary to ensure security patches are up to date.

Follow these steps to update Jenkins:

  1. Notify community that maintenance is about to begin

  2. Put Jenkins into Shutdown mode (https://jenkins.example.org/quietDown)

  3. yum update -y --exclude=jenkins (Do this step while waiting for Jobs to clear in shutdown mode.)

  4. yum update -y

  5. Update Jenkins plugins via Manage Jenkins > Manage Plugins

    Ensure that you click “Download now and install after restart” but DO NOT check the “Restart Jenkins when installation is complete and no jobs are running” button.

  6. Restart the server itself systemctl reboot

  7. Remove Shutdown mode from Jenkins (https://jenkins.example.org/cancelQuietDown)

GitHub Configuration

Jenkins requires admin level configuration to work with GitHub.

  1. Create a GitHub account for Jenkins to use

    The user needs to have Full Admin access to the GitHub Organization that Jenkins will manage, this is so that Jenkins can automatically manage the hooks.

  2. Navigate to https://jenkins.example.org/configure

  3. Under GitHub Servers click Advanced > Manage GitHub actions > Convert login and password to token

  4. Choose From login and password and enter the github-jenkins account details

  5. Click Create token credentials

  6. Under GitHub Servers click Add GitHub Server and configure the following:

    Name: <Leave blank>
    API URL: https://api.github.com
    Credentials: <Auto-generated token>
    Manage hooks: true
    GitHub client cache size (MB): 20
    
  7. Click Re-register hooks for all jobs

Security Configuration

Security recommendations for Jenkins.

  1. Install the OWASP Markup Formater Plugin
  2. Navigate to https://jenkins.example.org/configureSecurity/
  3. Configure the following:
    • Enable CSRF Protection with Default Crumb Issuer
    • Enable Agent -> Master Access Control
    • Disable JNLP Protocol 1 - 3
    • Enable JNLP Protocol 4
    • Set Markup Formatter to Safe HTML